We are grateful for the trust you place in us when you input patient data into Xchart.
We take this trust very seriously. Historically, our challenge has been to find ways to confirm not only to potential customers but also to ourselves that we are living up to our security and privacy ideals.
While we have always prioritized security, we haven't always had effective methods to demonstrate our commitment. Frankly, you have every right to probe your digital service providers with questions.
Questions such as:
- What security measures do you have in place?
- Who has access to my data?
- Where does my data reside?
- What happens if there is a data breach?
- What assurance can you provide that you'll maintain your service's availability?
The larger the institution, the more essential these questions become. That's why state-funded universities, large DSOs (Dental Service Organizations), and other larger groups often mandate their vendors to undergo security audits and maintain certain policies.
Enter Drata
Earlier this year, we began a collaboration with a compliance and security framework company named Drata.
Drata offers a service that assists companies like ours in implementing, maintaining, and showcasing a solid security and compliance stance.
Here's how it works:
- We establish a set of security policies and procedures.
- Drata aids us in documenting and upholding those policies and procedures.
- Drata seamlessly integrates with our Google Cloud account (which hosts our servers), our code storage systems, our HR system, and even our individual laptops through a subtle taskbar application running in the background.
- Drata continuously observes our systems to ensure we adhere to those policies and procedures.
For example, if we bring on a new contractor via our HR system, Drata will automatically detect that and ensure that they are added to our security training program, that they are required to use two-factor authentication, and that they are required to use a password manager.
Likewise, if we introduce a new service to our Google Cloud account, Drata will promptly identify this and alert us if it's not equipped with the proper security configurations.
Our New Trust Center Page
To aggregate all this information in a way that is useful, we have a new Trust Center page. This page is consistently updated with the freshest details on our security and compliance, courtesy of Drata.
What does this mean for you?
If you're considering Xchart as a solution for your mobile anesthesia group, DSO, Ambulatory Surgery Center, University, or even if you're just a meticulous individual provider, you now have more assurance and ways to verify our security and compliance posture.
If you're an existing customer, you can rest assured that as we grow and evolve the Xchart product, we are also continuously enhancing our security and compliance procedures. This work never stops; it's an ongoing process. We don't claim to have achieved perfection, but we are committed to the effort and maintaining transparency throughout.
We aspire to manage our internal operations with the same systematic rigor that we hope Xchart, as a product, helps you bring to your anesthesia practice.
Thanks for your continued trust and support.
Stay paperless,
Henrik Joreteg, CEO